In the first part of our overall look at 2018 predictions, we determined six of the top 11 trends that were predicted for this year. In this second installment we will look at the remaining five overall topics that are expected to shake cybersecurity in 2018.
IoT Legislation
The Internet of Things (IoT) may be the most affected sector by the Meltdown and Spectre bugs, but it’s the legislation that many determine will be the biggest game changer. Gary Hayslip, chief information security officer of Webroot, said: “Legislation will require IoT manufacturers to be responsible for producing products without known defects.”
It is also predicted that the power of IoT will be felt by businesses in a repeat of the Mirai botnet activity. Paul Barnes, senior director product strategy at Webroot, predicted a mass IoT breach spanning consumers and businesses, but this time with little ability to remediate based on the attack disabling hardware and demanding a ransom payment.
Also, the growing commercial utilization of IoT systems will mean that the value of breaching and controlling these types of systems is increasing for attackers, says Greg Day from Palo Alto Networks.
Criminals Become More Sophisticated
The advancement of cyber-criminal skills has been predicted year on year, and apart from the unsophisticated nature of WannaCry, this has proved to be true. According to ZeroFox: “Artificial intelligence will lead to more sophisticated cyber-attacks and render basic protection methods obsolete” while Lastline said that in 2018, we can expect to see a dramatic increase in sophistication among cyber-criminals as they leverage AI and ML-powered hacking kits built from tools that criminals leaked or stole from state-sponsored intelligence agencies.
Adam Hunt, chief data scientist at RiskIQ, said: “Threat actors will increase their adoption of adversarial machine learning to evade detection by infrequently trained machine learning models. Machine learning models will need to evolve quickly to keep up with these threats by incorporating instance-based approaches.”
Social Media Takeovers
Following on from the advancement of cyber-criminals, in 2018 there will be an easier ‘way in’ for attackers thanks to social media. According to Airbus CyberSecurity, social media can be used for sophisticated social engineering and reconnaissance activities which form the basis of many attacks on the enterprise.
Markus Braendle, head of the Airbus CyberSecurity business, said that from an attacker’s perspective, social media has become an easy target because of the number of non-cybersecurity savvy users, and the fact that these platforms are both easy and cost effective to use.
“To protect themselves against social media attacks, organizations need to implement enterprise-wide social media security policies. This includes designing training programs for employees about social media usage, and creating incident response plans that coordinate the activities of the legal, HR, marketing and IT departments in the event of a security breach.”
Zerofox claimed that social media account takeovers “will run rampant in 2018”, with all users becoming potential victims, especially politicians (as we saw with President Trump).
Malware – Fileless Attacks
In our first half of this prediction series we looked at the predictions around mobile malware, and in predictions around more general malware the problems of detection seem to be continuing. Lastline said that as 2017 saw an increased amount of malware attacking the firmware and memory of hardware devices, we can expect hackers to increasingly turn to this type of attack.
In terms of detection, Colin Tankard, managing director of Digital Pathways, said that ‘file-less attacks’ will be taken more seriously, and be as big a threat as trojans. “These viruses reside in the memory of the PC and remain there until it is rebooted,” he said. “Normal anti-virus will not detect these attacks.”
Greg Day from Palo Alto Networks added that with the growing popularity of cryptocurrencies, we can expect to see more malware focused on stealing account information to empty these next-generation accounts.
More Use of MSSPs
With all of this bad news, surely there has to be a solution that will make security better? Resolve claimed that the reliance will fall upon the managed security solutions provider (MSSP), who will receive greater interest from organizations that recognize that the level of effort and in-house expertise required for a successful SOC is beyond their means.
“Smart MSSPs – those that have the right personnel and tools available to build buyer confidence – that demonstrate the ability to meet core enterprise requirements and state-of-the-art responses to security breaches will attract the most interest.”
The same company also predicted that as clients begin to request MSSPs to demonstrate attack responses and share metrics on time to respond/remediate for specific incident types, MSSPs will be pressured to provide detailed evidence and assurances of an MSSP's ability to respond effectively to a significant breach.
Those are the 11 points the security community predicted to have the most impact in 2018. Of course, and as Meltdown and Spectre have demonstrated, it is hard to know what really will create the headlines.